111 Actions

Refresh token uniqueOk, in that case, my question is valid again. How could be a refresh token generated in order to prevent collisions in the database?

Mar24

comment

Refresh token uniqueWell, I think I misunderstood the protocol. My approach is to use in my app my own API letting my users log in and use my platform. Maybe do I need Resource Owner Password Credential flow?

Mar24

comment

Refresh token uniqueI am using client_credentials so client_id and client_secret are the same for all the applications involved. Which is different is the username and password but following the protocol, refreshing a token wouldn't need this data again

Mar24

comment

Refresh token uniqueI have seen that code before but this code doesn't check if that token exists in the DB associated to a user.